Diversion Surveillance

Frequently Asked Questions

General FAQs: Diversion Surveillance from LogicStream Health™

How do I know which clinicians should be reviewed in more depth as a diversion risk?

Diversion Surveillance ranks all clinicians according to a Relative Risk Score. The software also identifies which clinicians have triggered a high-priority event during the prior day — or the last three days or seven days. This allows your team to prioritize their work and focus attention on the most recent events.

What is the timeline for the Relative Risk Score (RRS)?

Each clinician’s RSS is re-calculated each day based on a rolling 30-day window, that is, diversion risks that have occurred during the prior 30 days. You can see how a clinician’s RRS is trending up or down in a historical view covering up to 180 days.

How is the Relative Risk Score (RRS) calculated?

Diversion Surveillance includes more than 15 separate signals. Each signal is designed to detect a certain behavior that could indicate diversion. An “event” is generated when a signal has spotted a clinician engaging in that behavior. Each event contributes a weighted amount to the RSS.  The riskier the event, the higher the points for that event. The sum of these contributions from events during the prior 30 days is adjusted using a transform process to produce an approximately normal distribution.

Where are the data sources for Diversion Surveillance?

LogicStream Health’s has worked with hundreds of hospitals over more than nine years to develop a unique approach to integrating with electronic health record (EHR) systems. In addition to information from the EHR, the software also pulls information from automated dispensing systems (ADS), wholesalers, and time and attendance systems.

Who is included in the automated surveillance for diversion?

Diversion Surveillance includes an assessment of all employees who have EHR access and conduct medication transactions regardless of title or position.

How are 'peer groups' defined in Diversion Surveillance?

Peer groups are defined as all employees who care for patients within a specific department and have similar responsibilities. For instance, nurses who work in the intensive care unit are compared to the nurses within that department to identify outliers and potential signs of diversion.

Which medications are currently being evaluated for drug diversion?

By default, Diversion Surveillance monitors transactions related to all Class II to Class V controlled substances. Users can easily add other medications and immediately begin monitoring those medications for diversion risk.

Am I able to view a historic list of past events beyond the last 30 days?

Yes, the default 30-day historical view can be expanded to show up to 180-days. In addition, the system displays a timeline for each clinician that includes all flagged events and prior investigations for an unlimited period of time.

How long is data retained?

Each health system customer may choose a lookback period for the raw data retrieved from sources systems — EHRs, ADSs, wholesalers, time and attendance. The lookback period can range form one to five years. The diversion signal results are retained for 180 days. Data for flagged events and investigations is retained indefinitely.

Is Protected Health Information viewable?

Yes. Protected Health Information (PHI) is required to conduct drug diversion investigations. Access to PHI can be restricted by your system administrator through user security roles. All access to PHI is logged and available for audit purposes.

IT FAQs: Diversion Surveillance from LogicStream Health™

How is access controlled and logged?

The customer controls logins to the application, and what level of access each user has – ranging from read-only to full administrative access. The software has audit logs of activity.

​Where does Diversion Surveillance p store data?

The application is a SaaS solution. It stores non-PHI data in the cloud. LogicStream contracts with Microsoft Azure as our cloud-hosting provider. Health system customers may choose to either A) implement and manage an on-premise server environment to store PHI or B) rely on LogicStream to store PHI in the cloud.

​Will PHI be processed in Diversion Surveillance?​

Yes. Protected Health Information (PHI) is required to conduct drug diversion investigations. Access to PHI can be restricted by your system administrator through user security roles. All access to PHI is logged and available for audit purposes. PHI will be blinded for users that are not granted access. A business associate agreement (BAA) will be part of the agreement.

​Will Diversion Surveillance require that any of its hardware be installed on the customer’s network?

No, there are no dedicated, on-premise hardware devices. There is a requirement for customers to stand up and maintain an on-premise Windows server which is needed, at a minimum, to facilitate our out-of-the-box data integrations. This on premise server may also be used to store PHI (see above).

Has LogicStream Health’s security been verified?

Yes. Every year, LogicStream Health has an independent third party assess its security, including administrative controls, internal-facing technical controls, external-facing technical controls, web application vulnerability testing, and web application penetration testing. We also undergo an initial and often repeating assessments as part of every customer relationship. LogicStream’s SaaS software is hosted in a SOC2 Type II and HITRUST-certififed data center (see https://docs.microsoft.com/en-us/compliance/regulatory/offering-home) and LogicStream is currently pursing its own SOC 2 Type II certification.

Will The Diversion Surveillance require that software be installed on the customer’s network?

Yes. While The software is a SaaS solution, some software components will be installed on the customer’s on-premise server (see above), at a minimum, to process data extractions. This on-premise server may also be used to store PHI.

  • Will this software be vendor supported?​ Yes, LogicStream Health is responsible for supporting and deploying updates to the on-premise software components. The customer is responsible for maintaining the server infrastructure.​
  • How often will LogicStream deploy updates to the on-premise software?​ LogicStream Health typically schedules, tests and applies updates every three weeks, although occasional releases could be six or nine weeks apart. LogicStream works with your IT department to ensure we are correctly following your change management procedures.
Will the solution require any external connections to be made into or out of a customer network?


  • Is the data protected in transit?​ Yes – it is fully encrypted, both “at rest” and “in motion.”​
  • Are firewall rules configured to allow minimum access necessary? (limited by connection direction, port and server).​ The application must be able to make standard outbound, HTTPS (port 443) requests to a few domains hosted in Microsoft Azure. If firewalls restrict outbound traffic, limited updates may be required. ​No inbound connections are used.